<!--
  This file is a part of the open-eBackup project.
  This Source Code Form is subject to the terms of the Mozilla Public License, v. 2.0.
  If a copy of the MPL was not distributed with this file, You can obtain one at
  http://mozilla.org/MPL/2.0/.
  
  Copyright (c) [2024] Huawei Technologies Co.,Ltd.
  
  THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND,
  EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT,
  MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE.
  -->


<!DOCTYPE html
  PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html lang="en-us" xml:lang="en-us">
<head>
      <meta http-equiv="Content-Type" content="text/html; charset=utf-8">
   
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="DC.Type" content="topic">
<meta name="DC.Title" content="Step 2: Obtaining the Certificate">
<meta name="product" content="">
<meta name="DC.Relation" scheme="URI" content="openstack_00011.html">
<meta name="prodname" content="">
<meta name="version" content="">
<meta name="brand" content="30-OceanProtect Appliance 1.5.0-1.6.0 Help Center">
<meta name="DC.Publisher" content="20241029">
<meta name="prodname" content="csbs">
<meta name="documenttype" content="usermanual">
<meta name="DC.Format" content="XHTML">
<meta name="DC.Identifier" content="openstack_00012">
<meta name="DC.Language" content="en-us">
<link rel="stylesheet" type="text/css" href="public_sys-resources/commonltr.css">
<title>Step 2: Obtaining the Certificate</title>
</head>
<body style="clear:both; padding-left:10px; padding-top:5px; padding-right:5px; padding-bottom:5px"><a name="openstack_00012"></a><a name="openstack_00012"></a>

<h1 class="topictitle1">Step 2: Obtaining the Certificate</h1>
<div><p>When registering an OpenStack protected environment, you can import the CA certificates of OpenStack on the <span>OceanProtect</span> to improve access security between devices. Otherwise, the system cannot verify information about the accessed devices, causing security risks. This operation is optional. You can obtain it from the administrator or download it by yourself. This section describes how to download a certificate.</p>
<div class="section"><h4 class="sectiontitle">Procedure</h4><ol><li><span>Open the Chrome browser, enter the Keystone V3 address in the address box, and press <strong>Enter</strong>.</span><p><p>For details about how to obtain the Keystone V3 address, see <a href="openstack_00010.html">Preparing for the Backup</a>.</p>
<p>Example: https://identity.az236.dc236.huawei.com:443/identity/v3</p>
</p></li><li><span>Click <strong>Not secure</strong> on the left of the URL bar, and click <strong>Certificate is not valid</strong>.</span><p><p>The displayed information varies depending on the browser. The following uses Google Chrome 120 as an example.</p>
<p><span><img src="en-us_image_0000002095776757.png"></span></p>
</p></li><li><span>In the dialog box that is displayed, click the <strong>General</strong> tab to view the certificate security algorithm level.</span><p><p>Only algorithms with the security level of SHA-256 or higher can pass the verification of the <span>OceanProtect</span>. Therefore, if the certificate security level does not meet the requirements, contact the administrator to obtain the certificate. If the certificate security level meets the requirements, go to <a href="#openstack_00012__li598391412101">4</a>.</p>
<p><span><img src="en-us_image_0000001929752165.png"></span></p>
</p></li><li id="openstack_00012__li598391412101"><a name="openstack_00012__li598391412101"></a><a name="li598391412101"></a><span>Click the <strong>Details</strong> tab, select the highest-level certificate name in the <strong>Certificate Hierarchy</strong> area, and click <strong>Export</strong>.</span></li><li><span>Export the certificate and rename the certificate file <em>XXX</em><strong>.pem</strong> as prompted. The renaming method is as follows:</span><p><ol type="a"><li>Upload the certificate file to the temporary directory on the agent host. The <strong>/tmp</strong> directory is used as an example in the following steps.</li><li>Run the following commands to convert the certificate file to the .pem format (<em>XXX</em><strong>.crt</strong> indicates the certificate file name before conversion and <em>XXX</em><strong>.pem</strong> indicates the certificate file name after conversion):<pre class="screen">cd /tmp/</pre>
<pre class="screen">openssl x509 -in <em>XXX</em><em>.crt</em> -out <em>XXX</em><em>.pem</em></pre>
</li><li>Download the certificate file converted to the .pem format.<div class="note"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><p>Register OpenStack with the <span>OceanProtect</span>. The certificate must be in .pem format.</p>
</div></div>
</li></ol>
</p></li></ol>
</div>
</div>
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="openstack_00011.html">Backing Up an OpenStack Cloud Server</a></div>
</div>
</div>

<div class="hrcopyright"><hr size="2"></div><div class="hwcopyright">Copyright &copy; Huawei Technologies Co., Ltd.</div></body>
</html>